Feature Request - BOVPN bridge

a bovpn bridge would be nice
maybe in bovpn over TLS this should be possible quite easy, as moble user vpn over tls already can do bridge mode.

this would be usefull in a failover scenario where servers are replicated to a remote site.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Norman

    A bridge would suggest that you're trying to send traffic to the same subnet on the other side of a tunnel -- BOVPNs don't really have a way to do this as they're built on routes.

    For Mobile VPNs, it's pretty straightforward because you can send everything across the tunnel, but for a BOVPN that would effectively mean making multiple (hundreds or thousands) of /32 routes -if- the remote device(s) even supported that.

    If you're looking to masquerade a distant network that's on the same subnet as your local one, I'd suggest using 1:1 NAT.

    -James Carson
    WatchGuard Customer Support

  • edited September 2022

    the idea is to bring up a server from backup in a different location without reconfiguring network on any device.

    https://openvpn.net/community-resources/ethernet-bridging/

    "By bridging a physical ethernet NIC with an OpenVPN-driven TAP interface at two separate locations, it is possible to logically merge both ethernet networks, as if they were a single ethernet subnet."

  • We OpenVPN as well on Cradlepoint Firewalls for mirroring traffic from one site to another for a specialized Medical Device.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @TKSHAROLD We don't have any plans on implementing a layer 2 bridge via OpenVPN. You can use an OpenVPN client to connect to the firewall, but the IP address on the distant side of the firewall will be on a different subnet.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.